9413 matches found
bmon -- unsafe set-user-ID application
Jon Nistor reported that the FreeBSD port of bmon was installed set-user-ID root, and executes commands using relative paths. This could allow a local user to easily obtain root privileges...
Centrinity FirstClass HTTP Server 5/7 - 'TargetName' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9950/info It has been reported that FirstClass HTTP Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue presents itself due to insufficient...
CVE-2004-2080
Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID...
Microsoft Internet Explorer contains buffer overflow in Type attribute of OBJECT element on double-byte character set systems
Overview: Certain versions of Microsoft Internet Explorer (IE) that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE. Description...
[NT] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
DEBIAN-CVE-2003-0396
Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument...
ChiTeX/ChiLaTeX unsafe set-user-id root
Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system(3) without setting up the environment, trivially allowing local root compromise...
Unpassworded 'lp' Account
The account 'lp' has no password set. An attacker may use this to gain further privileges on this system...
Unpassworded 'jack' Account
The account 'jack' has no password set. An attacker may use this to gain further privileges on this system...
Default Password (guest) for 'guest' Account
The account 'guest' has the password 'guest' set. An attacker may use this to gain further privileges on this system...
Unpassworded 'guest' Account
The account 'guest' has no password set. An attacker may use it to gain further privileges on this system...
Unpassworded 'tutor' Account
The account 'tutor' has no password set. An attacker may use this to gain further privileges on this system...
Unpassworded 'EZsetup' Account
The account 'EZsetup' has no password set. An attacker may use it to gain further privileges on this system...
Unpassworded '4Dgifts' Account
The account '4Dgifts' has no password set. An attacker may use it to gain further privileges on this system...
Unpassworded 'backdoor' Account
The account 'backdoor' has no password set. An attacker may use it to gain further privileges on this system...
Unpassworded 'StoogR' Account
The account 'StoogR' has no password set. An attacker may use this to gain further privileges on this system...
OpenVMS weak passwords
Limited character set, case insensitivity and a fast encryption algorithm allow password brute-forcing...
CVE-2002-0939
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only)...
CVE-2002-0940
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only)...
security flaw
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly...